Makes changes to IR configuration docs #75158

Closed
54 changes: 43 additions & 11 deletions modules/registry-configuring-registry-storage-rhodf-cephrgw.adoc
Expand Up @@ -63,38 +63,70 @@ $ AWS_ACCESS_KEY_ID=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='
$ AWS_SECRET_ACCESS_KEY=$(oc get secret -n openshift-storage rgwbucket -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode)
----

. Create the secret `image-registry-private-configuration-user` with the AWS credentials for the new bucket under `openshift-image-registry project` by entering the following command:
. If the image registry is exposed externally:

.. Create a `route` resource if one does not already exist. For example:
+
[source,yaml]
----
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: s3-rgw
namespace: openshift-storage
labels:
app: rook-ceph-rgw
ceph_daemon_id: ocs-storagecluster-cephobjectstore
ceph_daemon_type: rgw
rgw: ocs-storagecluster-cephobjectstore
rook_cluster: openshift-storage
rook_object_store: ocs-storagecluster-cephobjectstore
spec:
to:
kind: Service
name: rook-ceph-rgw-ocs-storagecluster-cephobjectstore
weight: 100
port:
targetPort: http
tls:
termination: edge
insecureEdgeTerminationPolicy: Allow
wildcardPolicy: None
----

.. Enter the following command to extract the host of the Ceph RGW `route` resource and assign it to the variable `$route_host`:
+
[source,terminal]
----
$ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=${AWS_ACCESS_KEY_ID} --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=${AWS_SECRET_ACCESS_KEY} --namespace openshift-image-registry
$ route_host=$(oc get route s3-rgw -n openshift-storage --template='{{ .spec.host }}')
----

. Get the `buckethost` value by entering the following command:
. If the image registry is not exposed externally:

.. Enter the following command to delete the existing `image-registry-s3-bundle` ConfigMap:
+
[source,terminal]
----
$ route_host=$(oc get objectbucket $bucket_name -n openshift-storage -o=jsonpath='{.spec.endpoint.bucketHost}')
$ oc delete configmap image-registry-s3-bundle -n openshift-config
----
+

. Create a config map that uses an ingress certificate by entering the following commands:
.. Enter the following command to extract the SSL/TLS certificate from the secret:
+
[source,terminal]
----
$ oc extract secret/router-certs-default -n openshift-ingress --confirm
$ oc extract secret/ocs-storagecluster-cos-ceph-rgw-tls-cert -n openshift-storage --confirm
----

.. Enter the following command to recreate the ConfigMap with the extracted certificate:
+
[source,terminal]
----
$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt -n openshift-config
$ oc create configmap image-registry-s3-bundle --from-file=ca-bundle.crt=./tls.crt -n openshift-config
----

. Configure the image registry to use the Ceph RGW object storage by entering the following command:
+
[source,terminal]
----
$ oc patch config.image/cluster -p '{"spec":{"managementState":"Managed","replicas":2,"storage":{"managementState":"Unmanaged","s3":{"bucket":'\"${bucket_name}\"',"region":"us-east-1","regionEndpoint":'\"https://${route_host}\"',"virtualHostedStyle":false,"encrypt":false,"trustedCA":{"name":"image-registry-s3-bundle"}}}}}' --type=merge
----


----
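Review bot: In the Route example, `insecureEdgeTerminationPolicy: Allow` leaves the RGW S3 endpoint reachable over plain HTTP, even though the final `oc patch` step points the registry at `https://${route_host}`; suggest `Redirect` (or `None`) so that clients cannot fall back to cleartext for S3 requests. Two further points on the same hunk: the final patch uses both `${route_host}` and `trustedCA` `image-registry-s3-bundle` unconditionally, but as rendered here the "exposed externally" branch only sets `route_host` and the "not exposed externally" branch only rebuilds the ConfigMap, so each branch should define both before the patch step. Please also confirm that the step creating `image-registry-private-configuration-user` is still present in the resulting procedure, since it is the only place the S3 access and secret keys reach the `openshift-image-registry` namespace.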